Upload File

gsma_report on overaly sim cards

prev
next
out of 2
Download GSMA_report on Overaly SIM Cards

Upload: walu-john

Post on 01-Jun-2018

242 views

Category:

Documents


1 download

Report

TRANSCRIPT

  • 8/9/2019 GSMA_report on Overaly SIM Cards

    1/2

    Generic Overlay SIM Security Assessment

    GSMA is aware that proprietary SIM solutions have been in existence for many years and these

    include the slim SIM. More commonly referred to as an Overlay SIM, the solution could be

    considered a disruptive technology and it has been used to support legitimate services, including the

    provision of low cost roaming services, as well as more questionable uses such as unauthorised

    device unlocking.

    The Overlay SIM takes the form of a thin plastic sheet into which a chip is embedded that can be

    placed on top of a standard SIM card within a mobile device. The Overlay SIM sits between the SIM

    card and the device and has access to and full visibility of all communications taking place between

    those two elements.

    Although the Overlay SIM is capable of using security technologies, such as cryptographic keys, to

    host and execute sensitive services and transactions, use of the technology has the potential to

    introduce a range of new security risks due to its ability to observe sensitive data in transit between

    the mobile device and the original SIM. The GSMAs Security Group has considered the theoretical

    risks associated with the use of Overlay SIM technology in a general sense and concluded the

    following:

    The Overlay SIM has the potential to facilitate a man-in-the-middle attack by observing

    collecting and revealing sensitive data such as PINs, encryption keys, etc. Specifically, an Overlay

    SIM could pose the following risks:

    o

    Observe, record and divulge mobile user PIN detailso Initiate, intercept, manipulate and/or block mobile communications including voice calls,

    SMS, USSD, SIP calls and web sessions

    o Initiate, intercept, manipulate and/or destroy SIM toolkit instructions

    o Execute actions without the explicit permission or knowledge of the mobile user

    o Record and disclose user location information

    o Obtain unauthorised access to the SIM card and change configuration settings

    The exposure of the channel between the SIM and device to eavesdropping has been in

    existence for many years but there is no evidence that it has been exploited. However, the

    Overlay SIM provides a tool that could be used to exploit this existing vulnerability and if widely

    deployed it could be used to create a botnet that could be used to commit fraud and/or

    compromise customer privacy. The level of risk to mobile users depends on the trustworthiness of the provider and issuer of

    Overlay SIMs not to exploit the vulnerability by including functionality on the Overlay SIM to

    harvest and reveal sensitive data eavesdropped between the SIM and the device.

    A risk also exists that, even if the Overlay SIM supplier and issuer behave responsibly, a malicious

    third party could potentially download a Trojanapp to the Overlay SIM to access sensitive

    data.

    It is important to note that in conducting this risk assessment GSMAs Security Group did not have or

    consider technical details of any individual Overlay SIM implementation. The risks described above

    are those considered to be theoretically applicable to poorly or maliciously designed Overlay SIM

    solutions and GSMA is not suggesting that these apply to all or any specific solutions. Similarly,

    GSMA is not in a position to ascertain if individual Overlay SIM implementations gather any sensitive

  • 8/9/2019 GSMA_report on Overaly SIM Cards

    2/2

    data and make that available to unauthorised parties or if they manipulate or compromise the

    security of the existing SIM in any way. This document merely raises the possibility that these

    potential risks exist and could arise.

    Recommendation:Network operators, regulators and other stakeholders should be aware of the risks that Overlay

    SIMs can pose to mobile users and security sensitive services. These risks should be taken into

    consideration when assessing the suitability of Overlay SIM based solutions for use in the

    marketplace.

    When considering the suitability of Overlay SIM based solutions for deployment GSMA recommends

    that:

    Promoters and suppliers of Overlay SIM solutions should provide assurances and verify that

    their implementations mitigate the risks outlined in this document.

    Only Overlay SIM solutions that have been independently analysed and certified as being

    free from any functionality designed to undermine the security of users or issuers of originalSIMs should be deployed.

    Mobile users should be advised of the potential dangers that could result from inserting

    unapproved elements in their devices and they should be provided with assurances

    pertaining to approved solutions.


alipurduar.gov.inalipurduar.gov.in/tender/2019/eoi28012020.pdf · The bidder should also submit an affidavit that the bidder has not ... new SIM cards in case previous SIM cards damaged

OECD work on Internet of Things and M2M SIM cards

Nokia 7 plus User Guide4G/3G/2G networks, while the secondary SIM can only support 3G/2G. For more information on your SIM cards, contact your service provider. CHOOSE WHICH SIM TO

Useful Information for Volunteers · choosing the tariff plan. SIM cards are quite cheap and prices vary from about Rs 200 to 250 depending on the network. Local SIM cards are not

CD Pack, DVD Pack SIM/Chip Cards Postcard-Pack

ekit corporate · Ph: +61 3 9674 7001 // Mob: +61 416 620 798 // Email: [email protected] • International SIM Cards • Domestic SIM Cards • Worldwide Mobile Phones • Global

DEFCON 21 Koscher Butler the Secret Life of SIM Cards Updated

SIM cards in Osmocom networks · 17/10/18 (c) 2018 sysmocom GmbH 1 SIM cards in Osmocom networks Philipp Maier

At a glance Start Home screen & apps Control & …...To set up your phone to use two SIM cards, insert both cards, turn on your phone and follow the prompts. To finish dual SIM setup,

SIM Injector - More SIM, More Rangedownload.peplink.com/resources/pepxim_sim_injector... · 2020. 9. 16. · SIM-BK8-4E-56V SIM Injector, 8x SIM cards capacity, 4x 10/100/1000 LAN

Solutions to Enhance IoT Authentication Using SIM Cards (UICC) · Solutions to Enhance IoT Authentication Using SIM Cards (UICC) 2 1 Introduction 1.1 Purpose The purpose of this document

Sim Cards&Apps Otu Oro v2

The Secret Life of SIM Cards - DEF CON

Turning Side sense on or offTap the SIM card switches to enable or disable the SIM cards. Find and tap [Settings] > [Network & internet] > [Dual SIM]. You may find the item under [Advanced]

The Secret Life of SIM Cards - Defcon

Sim Guideline Wib 1 3 Equipped Sim Cards

Buy Prepaid SIM Cards Melbourne

Cloning 3G/4G SIM Cards with a PC and an Oscilloscope ... Conf/Blackhat/2015/us-15-Yu-Cloning-3G-4G-SIM...Lab of Cryptology and Computer Security Cloning 3G/4G SIM Cards with a PC

THINKING THE FUTURE OF EUROPEAN INDUSTRY Digitalization, …€¦ · M2M connections M2M sim cards/100 inhabitants (left axis) M2M sim cards (in million; right axis) ... 2016. 2020

International Sim Cards Clay Telecom

Mandatory registration of prepaid SIM cards - GSMA · PDF fileMandatory registration of prepaid SIM cards ... the availability of official identity documents, ... mobile phone with

Mandatory registration of prepaid SIM cards - GSMA · 2016-10-05 · Mandatory registration of prepaid SIM cards Addressing challenges through best practice ... Allow / encourage

Micro-SIM template for iPad/iPhone 4 SIM Cards - Macnotesmacnotes.net/files/2010/06/micro-sim-stencil-ipad3g-iphone4.pdf · Micro-SIM template for iPad/iPhone 4 SIM Cards The Apple

Earth Roam presents the cheapest International SIM Cards

Mandatory Registration of Prepaid SIM cards: Addressing

16K SIM Card Personalization Document - cosconor.fr Cards/SIM Cards... · from GSM 11.11 version 7.4.0 Release 1998 Annex D. Files Description Value ‘2F E2’ ICC identification

Introduction€to SIM€Cards - cosconor.frcosconor.fr/GSM/Divers/Others/Cours/SIM Cards/Introduction to SIM... · Introduction€to€GSM€11.11 ... BSS:€Base€Station€System

Introduction to SIM Cards

Embedded Forensics: An Ongoing Research on SIM/USIM Cards, Antonio Savoldi

haj.gujarat.gov.in arrangements are being made to distribute SIM cards at Embarkation Points in India, due to the Saudi Govt. regulations, these SIM cards need to be activated only

For personal use only - ASX · 2017-01-17 · GAME-CHANGER: E-SIM Embedded SIM built into mobile devices which allows connectivity SIM Evolution of SIM cards Mini-SIM Micro-SIM Nano-SIM

Custom Sim Cards Tutorial

QUICK START MANUAL SCHNELLSTARTANLEITUNG€¦ · QUICK START 5.2_OPEN UP THE BATTERY COVER 5.3_INSTALLATION OF THE SIM CARDS WARNING Only Micro SIM cards are allowed for use! The

Flash Wireless SIM Cardsacncompass.com/.../Flash-Wireless-SIM-Card-Flyer_050120.pdf · 2020. 5. 5. · Flash Wireless SIM Cards Flash Wireless has an impressive variety of SIM Cards

The Secret Life of SIM Cards - DEF CON Media